1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and an apparatus for implementing Public Key Cryptography Standards (PKCS). Still more particularly, the present invention provides a method for manipulating PKCS-attributes and user-defined attributes in a PKCS compliant system.
2. Description of the Related Art
Public Key Cryptography Standard (PKCS) is a set of documents published by RSA Laboratories and serves to define data types and algorithms used in public-key cryptography. Public-key cryptography is a technology in which encryption and decryption involve the use of a public key and a private key, and either can encrypt and/or decrypt data. A user gives his or her public key to other users, keeping the private key to himself or herself. Data encrypted with a public key can be decrypted only with the corresponding private key, and vice versa.
The PKCS set of standards has been developed to assure that software using cryptography at two different sites could work together even when the software is developed by different vendors for a variety of purposes. In particular, standards are being developed to allow agreement on digital signatures, digital enveloping, digital certification, and key agreement. However, interoperability requires strict adherence to communicable formats, and PKCS provides a basis for interoperable standards in heterogeneous environments.
The present set of PKCS standards includes:
PKCS #1: RSA Encryption Standard;
PKCS #3: Diffie-Hellman Key Agreement Standard;
PKCS #5: Password-Based Encryption Standard;
PKCS #6: Extended-Certificate Syntax Standard;
PKCS #7: Cryptographic Message Syntax Standard;
PKCS #8: Private-Key Information Syntax Standard;
PKCS #9: Selected Attribute Types;
PKCS #10: Certification Request Syntax Standard;
PKCS #11: Cryptographic Token Interface Standard;
PKCS #12: Personal Information Exchange Syntax Standard;
PKCS #13: Elliptic Curve Cryptography Standard; and
PKCS #15: Cryptographic Token Information Format Standard.
Two independent levels of abstraction have been provided by these standards. The first level is message syntax, and the second level is specific encryption algorithms. The intention has been that message syntax and specific algorithms should be orthogonal. In other words, a standard for the syntax of digitally signed messages should be able to work with any public-key algorithm, not just RSA, the public-key algorithm invented by Rivest, Shamir, and Adleman involving exponentiation modulo the product of two large prime numbers; and a standard for RSA should be applicable to many different message syntax standards.
PKCS provides definitions of data objects that may be created, sent, and received between parties to a communication, while other standards are used to define the encoding syntax of the data streams containing these types of data objects. Abstract Syntax Notation One, abbreviated ASN.1, is a notation for describing abstract types and values. The Basic Encoding Rules (BER) for ASN.1 give one or more ways to represent any ASN.1 value as an octet string. The Distinguished Encoding Rules (DER) for ASN.1 are a subset of BER, and give exactly one way to represent any ASN.1 value as an octet string. DER is intended for applications in which a unique octet string encoding is needed, as is the case when a digital signature is computed on an ASN.1 value. ASN.1 and DER encoding are general purpose methods that can be applied to many domains in addition to PKCS.
One of the PKCS standard documents, PKCS #9, defines a set of attributes that can be used in other PKCS standards. PKCS #9 defines selected attribute types for use with various types of other data objects within other PKCS-standards, such as PKCS #6 extended certificates and PKCS #7 cryptographic messages. For example, PKCS #7 defines the syntax for several cryptographically protected messages, including encrypted messages and messages with digital signatures. PKCS #7 also allows arbitrary attributes, such as signing time, to be authenticated along with the content of a message. Originally an outgrowth of Internet Privacy-Enhanced Mail, PKCS #7 has become the basis for the widely implemented Secure/Multipurpose Internet Mail Extensions (S/MIME) secure electronic mail specification, an Internet e-mail security standard that employs public key encryption. PKCS #7 has become a basis for message security in systems as diverse as the Secure Electronic Transaction (SET) specification for bank systems.
Since PKCS #9 provides attributes to support other components in the PKCS set of standards, it is important that any software that processes PKCS #9 attributes handle these attributes in a robust manner. For example, a software application could be written such that it has knowledge of attributes defined as part of the PKCS #9 standard, and the application could treat unknown attributes as “undefined” attributes. However, given the fact that this set of standards continues to evolve, it is important for software that handles PKCS #9 attributes can handle “extended” attribute or user-defined attributes. Beyond the attributes that are defined as part of the standard, a software developer may desire to process a user-defined set of attributes along with the standard list of attributes.
Therefore, it would be advantageous to have an architecture and a method for manipulating PKCS attributes that allows a data processing system to be extended to accommodate additional attributes.